vuln-list-alt/oval/c9f2/ALT-PU-2017-1996/definitions.json
2024-06-28 13:17:52 +00:00



{
"Definition": [
{
"ID": "oval:org.altlinux.errata:def:20171996",
"Version": "oval:org.altlinux.errata:def:20171996",
"Class": "patch",
"Metadata": {
"Title": "ALT-PU-2017-1996: package `collectd` update to version 5.7.2-alt1.S1",
"AffectedList": [
{
"Family": "unix",
"Platforms": [
"ALT Linux branch c9f2"
],
"Products": [
"ALT SPWorkstation",
"ALT SPServer"
]
}
],
"References": [
{
"RefID": "ALT-PU-2017-1996",
"RefURL": "https://errata.altlinux.org/ALT-PU-2017-1996",
"Source": "ALTPU"
},
{
"RefID": "BDU:2017-02653",
"RefURL": "https://bdu.fstec.ru/vul/2017-02653",
"Source": "BDU"
},
{
"RefID": "CVE-2017-16820",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-16820",
"Source": "CVE"
},
{
"RefID": "CVE-2017-7401",
"RefURL": "https://nvd.nist.gov/vuln/detail/CVE-2017-7401",
"Source": "CVE"
}
],
"Description": "This update upgrades collectd to version 5.7.2-alt1.S1. \nSecurity Fix(es):\n\n * BDU:2017-02653: Уязвимость функции csnmp_read_table (snmp.c) SNMP-плагина демона Collectd, позволяющая нарушителю вызвать аварийное завершение работы приложения\n\n * CVE-2017-16820: The csnmp_read_table function in snmp.c in the SNMP plugin in collectd before 5.6.3 is susceptible to a double free in a certain error case, which could lead to a crash (or potentially have other impact).\n\n * CVE-2017-7401: Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with \"SecurityLevel None\" and with empty \"AuthFile\" options) via a crafted UDP packet.",
"Advisory": {
"From": "errata.altlinux.org",
"Severity": "Critical",
"Rights": "Copyright 2024 BaseALT Ltd.",
"Issued": {
"Date": "2017-08-07"
},
"Updated": {
"Date": "2017-08-07"
},
"BDUs": [
{
"ID": "BDU:2017-02653",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://bdu.fstec.ru/vul/2017-02653",
"Impact": "Critical",
"Public": "20170519"
}
],
"CVEs": [
{
"ID": "CVE-2017-16820",
"CVSS": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CWE": "CWE-415",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-16820",
"Impact": "Critical",
"Public": "20171114"
},
{
"ID": "CVE-2017-7401",
"CVSS": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CWE": "CWE-835",
"Href": "https://nvd.nist.gov/vuln/detail/CVE-2017-7401",
"Impact": "High",
"Public": "20170403"
}
],
"AffectedCPEs": {
"CPEs": [
"cpe:/o:alt:spworkstation:8.4",
"cpe:/o:alt:spserver:8.4"
]
}
}
},
"Criteria": {
"Operator": "AND",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:3001",
"Comment": "ALT Linux must be installed"
}
],
"Criterias": [
{
"Operator": "OR",
"Criterions": [
{
"TestRef": "oval:org.altlinux.errata:tst:20171996001",
"Comment": "collectd is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996002",
"Comment": "collectd-apache is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996003",
"Comment": "collectd-bind is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996004",
"Comment": "collectd-cgi is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996005",
"Comment": "collectd-cgi-apache2 is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996006",
"Comment": "collectd-cgi-nginx is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996007",
"Comment": "collectd-cluster is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996008",
"Comment": "collectd-curl is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996009",
"Comment": "collectd-dbi is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996010",
"Comment": "collectd-full is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996011",
"Comment": "collectd-ganglia is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996012",
"Comment": "collectd-ipmi is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996013",
"Comment": "collectd-memcached is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996014",
"Comment": "collectd-mysql is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996015",
"Comment": "collectd-nginx is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996016",
"Comment": "collectd-notify_desktop is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996017",
"Comment": "collectd-notify_email is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996018",
"Comment": "collectd-nut is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996019",
"Comment": "collectd-openvz is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996020",
"Comment": "collectd-ping is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996021",
"Comment": "collectd-postgresql is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996022",
"Comment": "collectd-rrdcached is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996023",
"Comment": "collectd-rrdtool is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996024",
"Comment": "collectd-sensors is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996025",
"Comment": "collectd-snmp is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996026",
"Comment": "collectd-tokyotyrant is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996027",
"Comment": "collectd-virt is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996028",
"Comment": "collectd-xmms is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996029",
"Comment": "libcollectdclient is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996030",
"Comment": "libcollectdclient-devel is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996031",
"Comment": "nagios-plugins-collectd is earlier than 0:5.7.2-alt1.S1"
},
{
"TestRef": "oval:org.altlinux.errata:tst:20171996032",
"Comment": "perl-Collectd is earlier than 0:5.7.2-alt1.S1"
}
]
}
]
}
}
]
}